This ransomware is notable mostly because it tries much harder than most ransomware to avoid detection. For more information on the ransomware itself, the first specialised articles describe its advanced level of obfuscation. Here is an update on the behaviour of Stormshield Endpoint Security and Stormshield Network Security against it.

Stormshield Endpoint Security – threat management

Interestingly, all the technical material found deals with one specific malicious binary, and the malware is not packed in any way.
Blocking the execution of this specific hash could therefore be an effective way to stop SNAKE, at least this version of it.

Hash: e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60

As with all ransomware, one of the most effective ways to stop it is to use SES Application Control to allow only specific applications to access known file extensions. For example, to prevent abnormal processes from accessing Microsoft Office documents, allow only Office applications to access Office documents.
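As an added illustration (not Stormshield's code, and not SES rule syntax), the two controls described above modelled as a small policy evaluator: the hash rule catches only the known binary, while the application-control rule still blocks an unknown variant. The process names, paths and the variant digest are assumed.

```python
import hashlib

# SHA-256 of the unpacked SNAKE binary quoted in the post.
SNAKE_SHA256 = "e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60"
BLOCKED_HASHES = {SNAKE_SHA256}

# Application-control allowlist: protected extension -> process images allowed
# to open it. Illustrative mapping (assumed), not SES rule syntax.
ALLOWED_BY_EXTENSION = {
    ".docx": {"winword.exe"},
    ".xlsx": {"excel.exe"},
    ".pptx": {"powerpnt.exe"},
}

def digest_of(image: bytes) -> str:
    """SHA-256 hex digest of an executable image as read from disk."""
    return hashlib.sha256(image).hexdigest()

def check_execution(digest: str) -> str:
    """Hash rule: blocks only a binary whose digest is on the blocklist."""
    return "block" if digest.lower() in BLOCKED_HASHES else "allow"

def check_file_access(process_image: str, path: str) -> str:
    """App-control rule: a protected extension may only be opened by the
    applications allowed for it; unprotected extensions are untouched."""
    dot = path.rfind(".")
    ext = path[dot:].lower() if dot != -1 else ""
    allowed = ALLOWED_BY_EXTENSION.get(ext)
    if allowed is None:
        return "allow"
    return "allow" if process_image.lower() in allowed else "block"

# Constructed events: the known sample, a recompiled variant with an assumed
# placeholder digest, and legitimate Word activity.
VARIANT_SHA256 = "f" * 64
DEMO_EVENTS = [
    ("exec", SNAKE_SHA256, None),
    ("exec", VARIANT_SHA256, None),
    ("open", "snake_variant.exe", r"C:\Users\jp\Documents\report.docx"),
    ("open", "WINWORD.EXE", r"C:\Users\jp\Documents\report.docx"),
    ("open", "snake_variant.exe", r"C:\Users\jp\Pictures\photo.jpg"),
]

def evaluate(events):
    """One verdict per event: hash rule for executions, app control for opens."""
    return [check_execution(s) if k == "exec" else check_file_access(s, p)
            for k, s, p in events]
```

Running `evaluate(DEMO_EVENTS)` shows the variant slipping past the hash rule but being denied the Word document by the extension allowlist.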


Stormshield Network Security – threat management

Both the Breach Fighter and SNS Premium Antivirus options detect the binary described above.

More generally, the Breach Fighter option can also detect the data encryption operations performed by ransomware, even when the binary's hash is not yet known.

About the author
Julien Paffumi, Product Portfolio Manager, Stormshield

Julien Paffumi began his career as a Quality Engineer in Arkoon's R&D department. He then went on to train administrators directly, acquiring extensive knowledge of their needs - invaluable experience for his next role as Product Manager of Arkoon Fast360 firewalls, then of the Stormshield Management Center centralized administration console. As Product Portfolio Manager, he now has a cross-functional role that enables him to feed his eternal curiosity with a more global approach to Stormshield solutions.